Thursday, November 20 1:00 pm PST/4:00 pm ET • FREE

Speakers:

"Clickjacking" is all over the news lately. For the uninitiated, it's a set of techniques discovered by Jeremiah Grossman
and Robert Hansen that allows an attacker to transparently capture a user's clicks, forcing the user to do all manner of
unpleasant things ranging from adjusting security settings to unwittingly visiting websites with malicious code.

The vectors for this attack include all the major browsers and Flash. In co-operation with Adobe, the discoverers delayed
public discussion to allow a patch to be created. In the intervening time, other researchers have made partial disclosures,
but this is your chance to join co-discoverer Jeremiah Grossman for a Black Hat webcast that deals with the attack from all
sides. Bring your questions - we'll have a Q&A session after the presentation.

Jeremiah Grossman

Jeremiah Grossman is the founder and CTO of WhiteHat Security, considered a world-renowned expert
in Web security, co-founder of the Web Application Security Consortium, and named to InfoWorld's Top 25 CTOs for 2007. Mr. Grossman is
a frequent speaker at major industry events around the globe, a Black Hat veteran, and has been invited to present at a number of
large universities. He has authored dozens of articles and white papers; is credited with the discovery of many cutting-edge attack
and defensive techniques; and is a co-author of XSS Attacks. Mr. Grossman is frequently quoted in major media publications such as
InfoWorld, USA Today, PCWorld, Dark Reading, SC Magazine, SecurityFocus, Cnet, SC Magazine, CSO, and InformationWeek. Prior to WhiteHat
he was an information security officer at Yahoo!

Eric Lawrence

Eric Lawrence is a Security Program Manager on the Internet Explorer 8 team. He recently spoke at Hack
in the Box 2008 and the O'Reilly Velocity Conference. Prior to his current role, Eric was responsible for networking and HTTPS
improvements in IE7. Outside of Microsoft, Eric is best known as the developer of the Fiddler web debugging platform, used by
security and web professionals worldwide.